
Security warning in python 2.7.6

Open selipso opened this issue 10 years ago • 12 comments

/usr/local/lib/python2.7/site-packages/requests/packages/urllib3/connection.py:251: SecurityWarning: Certificate has no `subjectAltName`, falling back to check for a `commonName` for now. This feature is being removed by major browsers and deprecated by RFC 2818. (See https://github.com/shazow/urllib3/issues/497 for details.)
  SecurityWarning
/usr/local/lib/python2.7/site-packages/requests/packages/urllib3/connectionpool.py:734: InsecureRequestWarning: Unverified HTTPS request is being made. Adding certificate verification is strongly advised. See: https://urllib3.readthedocs.org/en/latest/security.html
  InsecureRequestWarning)

The folks at urllib3 are considering removing support for certificates without alt names and I keep getting this warning when running this on Mac OS X Mavericks with the pyrax package, Python version 2.7.6.

selipso avatar Feb 04 '15 22:02 selipso

You could try adding the setting:

verify_ssl = False

EdLeafe avatar Feb 04 '15 22:02 EdLeafe

Do not use verify_ssl = False. Verification is still happening properly, but that's a heads up that it might not in the future.

We're aware of that message, and I'm asking around for a status on when the certificate will be updated to work properly here. There aren't any code changes that will have to happen in pyrax as a result of this, but if you need to suppress that warning, it can be done through import urllib3; urllib3.disable_warnings()

briancurtin avatar Feb 04 '15 23:02 briancurtin
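The condition behind the first warning in this thread can be checked directly instead of inferred from whether the warning appears. The following is an added example, not code from this thread, pyrax, or urllib3: it classifies a certificate dict in the shape returned by Python 3's `ssl.SSLSocket.getpeercert()` as matching through `subjectAltName` or only through the `commonName` fallback. The function names, the simplified wildcard rule, and the `example.test` sample certificates are assumptions made for illustration.

```python
import socket
import ssl

def _matches(pattern, hostname):
    """Case-insensitive match; '*' covers exactly one left-most label."""
    p, h = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def classify(cert, hostname):
    """Classify a dict shaped like ssl.SSLSocket.getpeercert() output."""
    dns = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if dns:
        # DNS entries present: commonName is not consulted at all.
        ok = any(_matches(n, hostname) for n in dns)
        return "san-match" if ok else "san-mismatch"
    cns = [v for rdn in cert.get("subject", ()) for k, v in rdn
           if k == "commonName"]
    if any(_matches(cn, hostname) for cn in cns):
        return "cn-fallback"  # the situation the SecurityWarning reports
    return "no-match"

def fetch_cert(host, port=443, timeout=5):
    """Fetch a chain-verified peer certificate (needs network access)."""
    ctx = ssl.create_default_context()
    # Chain validation stays on (CERT_REQUIRED); only the built-in hostname
    # check is skipped so that classify() can report on the names itself.
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample certificates (not taken from any real endpoint).
CN_ONLY = {"subject": ((("commonName", "identity.example.test"),),)}
WITH_SAN = {
    "subject": ((("commonName", "legacy.example.test"),),),
    "subjectAltName": (("DNS", "identity.example.test"),
                       ("DNS", "*.api.example.test")),
}

if __name__ == "__main__":
    for label, cert in (("CN_ONLY", CN_ONLY), ("WITH_SAN", WITH_SAN)):
        print(label, classify(cert, "identity.example.test"))
```

A `cn-fallback` result for an endpoint means its certificate still needs to be reissued with a `subjectAltName` entry; `fetch_cert()` supplies the input for a live host.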

Cool, thanks

selipso avatar Feb 05 '15 20:02 selipso

It turns out our identity environment is in the process of being redesigned, and a newly updated and more proper certificate is going to be available from there. That environment should be rolled out in early March. If that changes, I will report back here.

briancurtin avatar Feb 11 '15 16:02 briancurtin

For users of pyrax it is better to import the urllib under requests, as described here: https://github.com/kennethreitz/requests/issues/2214

As there is no direct dependency from pyrax users to urllib3.

waky79 avatar Feb 20 '15 09:02 waky79

@briancurtin, is there any update on this issue? Should we still be anticipating a new identity environment that resolves this issue?

fng-jaminr avatar May 14 '15 20:05 fng-jaminr

You should, but I haven't yet received a final timeline for when they will have it rolled out. Once I get an answer from that team I will report here.

briancurtin avatar May 14 '15 21:05 briancurtin

@briancurtin Is there any news on an update for this issue yet?

willisweb avatar Jul 01 '15 09:07 willisweb

I was told today that the environment is likely to go live to production in mid-August. The setup for the new environment has been running in our internal staging system for the last two weeks.

briancurtin avatar Jul 01 '15 18:07 briancurtin

My goodness. It's October and this is still an issue. Any idea when this will be resolved?

marijn avatar Oct 21 '15 17:10 marijn

The last I heard was that migration to the new environment should occur this month. When I know more, I will say so.

briancurtin avatar Oct 21 '15 17:10 briancurtin

I'm waiting on this one as well. I think I'll just leave the warnings up so I know when the update has occurred Rackspace-side.

sammyjava avatar Nov 29 '15 15:11 sammyjava